def graphs_index():
db = current.globalenv['db']
cache = current.globalenv['cache']
graph = {}
host_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
if current.globalenv['settings'].use_cvss:
maxhostsev = db.t_vulndata.f_cvss_score.max()
else:
maxhostsev = db.t_vulndata.f_severity.max()
q = (db.t_service_vulns.f_services_id == db.t_services.id) & (
db.t_vulndata.id == db.t_service_vulns.f_vulndata_id)
for rec in db(q).select(maxhostsev,
db.t_services.f_hosts_id,
orderby=db.t_services.f_hosts_id,
groupby=db.t_services.f_hosts_id):
host_by_sev[int(rec[maxhostsev])] += 1
graph['top_host_sev_count'] = ''
cnt = 0
for h_rec in host_by_sev:
graph['top_host_sev_count'] = graph[
'top_host_sev_count'] + "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
cnt, severity_mapping(cnt)[2], h_rec)
cnt += 1
graph['top_host_sev_count_raw'] = host_by_sev
vuln_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
count = db.t_vulndata.id.count()
if current.globalenv['settings'].use_cvss:
rows = db(db.t_vulndata.id == db.t_service_vulns.f_vulndata_id).select(
db.t_vulndata.f_cvss_score,
count,
orderby=db.t_vulndata.f_cvss_score,
groupby=db.t_vulndata.f_cvss_score)
else:
rows = db(db.t_vulndata.id == db.t_service_vulns.f_vulndata_id).select(
db.t_vulndata.f_severity,
count,
orderby=db.t_vulndata.f_severity,
groupby=db.t_vulndata.f_severity)
for rec in rows:
if current.globalenv['settings'].use_cvss:
vuln_by_sev[int(rec.t_vulndata.f_cvss_score)] += rec[count]
else:
vuln_by_sev[rec.t_vulndata.f_severity] = rec[count]
graph['vuln_by_sev_count'] = ''
graph['vuln_by_sev_count_raw'] = vuln_by_sev
cnt = 0
for h_rec in vuln_by_sev:
graph[
'vuln_by_sev_count'] += "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
cnt, severity_mapping(cnt)[2], h_rec)
cnt += 1
return graph
def graphs_index():
db = current.globalenv['db']
cache = current.globalenv['cache']
graph = {}
host_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
maxhostsev = db.t_vulndata.f_severity.max()
q = (db.t_service_vulns.f_services_id == db.t_services.id) & (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id)
for rec in db(q).select(maxhostsev, db.t_services.f_hosts_id, orderby=db.t_services.f_hosts_id, groupby=db.t_services.f_hosts_id):
host_by_sev[rec[maxhostsev]] += 1
graph['top_host_sev_count'] = ''
cnt = 0
for h_rec in host_by_sev:
graph['top_host_sev_count'] = graph['top_host_sev_count'] + "{ name: 'Sev %s', color: '%s', y: %d},\n" % (cnt, severity_mapping(cnt)[2], h_rec)
cnt += 1
graph['top_host_sev_count_raw'] = host_by_sev
vuln_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
count = db.t_vulndata.id.count()
for rec in db(db.t_vulndata.id == db.t_service_vulns.f_vulndata_id).select(db.t_vulndata.f_severity,count, orderby=db.t_vulndata.f_severity, groupby=db.t_vulndata.f_severity):
vuln_by_sev[rec.t_vulndata.f_severity] = rec[count]
graph['vuln_by_sev_count'] = ''
graph['vuln_by_sev_count_raw'] = vuln_by_sev
cnt = 0
for h_rec in vuln_by_sev:
graph['vuln_by_sev_count'] += "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
cnt, severity_mapping(cnt)[2], h_rec)
cnt += 1
return graph
def graphs_index():
db = current.globalenv['db']
cache = current.globalenv['cache']
graph = {}
host_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
if current.globalenv['settings'].use_cvss:
maxhostsev = db.t_vulndata.f_cvss_score.max()
q = (db.t_vulndata.f_cvss_score >= 1.0)
else:
maxhostsev = db.t_vulndata.f_severity.max()
q = (db.t_vulndata.f_severity >= 1.0)
q &= (db.t_service_vulns.f_services_id == db.t_services.id) & (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id)
for rec in db(q).select(maxhostsev, db.t_services.f_hosts_id, orderby=db.t_services.f_hosts_id, groupby=db.t_services.f_hosts_id):
host_by_sev[int(rec[maxhostsev])] += 1
graph['top_host_sev_count'] = ''
cnt = 0
for h_rec in host_by_sev:
graph['top_host_sev_count'] = graph['top_host_sev_count'] + "{ name: 'Sev %s', color: '%s', y: %d},\n" % (cnt, severity_mapping(cnt)[2], h_rec)
cnt += 1
graph['top_host_sev_count_raw'] = host_by_sev
vuln_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
count = db.t_vulndata.id.count()
if current.globalenv['settings'].use_cvss:
q = (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id) & (db.t_vulndata.f_cvss_score >= 1.0)
rows = db(q).select(
db.t_vulndata.f_cvss_score, count, orderby=db.t_vulndata.f_cvss_score, groupby=db.t_vulndata.f_cvss_score)
else:
q = (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id) & (db.t_vulndata.f_severity > 0)
rows = db(q).select(
db.t_vulndata.f_severity, count, orderby=db.t_vulndata.f_severity, groupby=db.t_vulndata.f_severity)
for rec in rows:
if current.globalenv['settings'].use_cvss:
if rec.t_vulndata.f_cvss_score is not None:
vuln_by_sev[int(rec.t_vulndata.f_cvss_score)] += rec[count]
else:
# no CVSS score in record (val: None)
vuln_by_sev[0] += rec[count]
else:
if rec.t_vulndata.f_severity is not None:
vuln_by_sev[rec.t_vulndata.f_severity] = rec[count]
else:
# no Severity score in record (val: None)
vuln_by_sev[0] = rec[count]
graph['vuln_by_sev_count'] = ''
graph['vuln_by_sev_count_raw'] = vuln_by_sev
cnt = 0
for h_rec in vuln_by_sev:
graph['vuln_by_sev_count'] += "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
cnt, severity_mapping(cnt)[2], h_rec)
cnt += 1
return graph
def list():
from skaldship.general import severity_mapping
response.title = "%s :: Services" % (settings.title)
if request.extension == 'json':
q = (db.t_services.id > 0)
proto = request.vars.f_proto
pnum = request.vars.f_number
if pnum:
q &= (db.t_services.f_number == pnum)
if proto:
q &= (db.t_services.f_protocol == proto)
q = create_hostfilter_query(session.hostfilter, q, 't_services')
# Datatables Server-side: http://datatables.net/usage/server-side
if request.vars.has_key('iDisplayStart'):
start = int(request.vars.iDisplayStart)
else:
start = 0
if request.vars.has_key('iDisplayLength'):
if request.vars.iDisplayLength == '-1':
limit = db(q).count()
else:
limit = start + int(request.vars.iDisplayLength)
else:
limit = int(auth.user.f_show_size)
srch_data = request.vars.get('sSearch')
if srch_data:
# sSearch global search box
# parse the search into fields (port:num proto:tcp etc)
srch_vals = [
["port", db.t_services.f_number],
["proto", db.t_services.f_proto],
["status", db.t_services.f_status],
["name", db.t_services.f_name],
["banner", db.t_services.f_banner],
["ip", db.t_hosts.f_ipaddr],
["hostname", db.t_hosts.f_hostname],
]
parsed = False
for val in srch_vals:
srch_str = "%s:(?P<f>\w+)" % val[0]
srch_res = re.findall(srch_str, srch_data)
for res in srch_res:
parsed = True
if val[0] == 'banner':
q &= (val[1].contains(res))
else:
q &= (val[1].upper() == res.upper())
if not parsed:
q &= db.t_services.f_proto.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_number.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_name.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_banner.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_status.like("%%%s%%" % request.vars.sSearch)
if request.vars.iSortingCols == '1':
cols = (
None,
None,
None,
db.t_services.f_hosts_id,
db.t_services.f_proto,
db.t_services.f_number,
db.t_services.f_status,
None,
None,
None,
None,
db.t_services.f_name,
db.t_services.f_banner,
)
orderby = cols[int(request.vars.iSortCol_0)]
if request.vars.sSortDir_0 == 'asc':
rows=db(q).select(orderby=orderby, limitby=(start, limit))
else:
rows=db(q).select(orderby=~orderby, limitby=(start, limit))
else:
rows=db(q).select(limitby=(start, limit))
nolimit = db(q).count()
aaData = []
# datatable formatting is specific
# gather all the vulndata and exploits into a big row
# later we'll do a find(lambda: row: row.<db>.<field> == <value>)
# to slice it into the bits we need. Maybe it'll be faster?
#vulndata = db().select(db.t_vulndata.f_vulnid, db.t_vulndata.id, db.t_exploit_references.f_exploit_id,
# left=db.t_exploit_references.on(db.t_vulndata.id==db.t_exploit_references.f_vulndata_id))
for r in rows:
atxt = {}
vulncount = 0
vulns = db(db.t_service_vulns.f_services_id==r.t_services.id).select(db.t_service_vulns.f_vulndata_id, cache=(cache.ram, 60))
vulnlist = []
explist=[]
for vuln in vulns:
vuln_rec = db.t_vulndata[vuln.f_vulndata_id]
if vuln_rec.f_vulnid not in vulnlist:
if settings.use_cvss:
vulnlist.append((vuln_rec.f_vulnid, vuln_rec.f_cvss_score))
else:
vulnlist.append((vuln_rec.f_vulnid, vuln_rec.f_severity))
exploits = db(db.t_exploit_references.f_vulndata_id == vuln.f_vulndata_id).select(cache=(cache.ram, 60))
if len(exploits) > 0:
for expinfo in exploits:
exp = db.t_exploits[expinfo.f_exploit_id]
exp_link = A(exp.f_name, _href=URL('exploits', 'edit', extension='html', args=exp.id), _target='blank')
explist.append(TR(TD(exp_link),
TD(exp.f_title),
TD(exp.f_source),
TD(exp.f_rank)
) )
q = r.t_services.t_service_info.select(cache=(cache.ram, 60))
if (len(q) > 0) or (len(explist) > 0) or (len(vulnlist) > 0):
atxt['0'] = IMG(_src=URL(request.application,'static','images/details_open.png')).xml()
else:
atxt['0'] = ""
atxt['1'] = A("edit", _target="services_edit_%s" % (r.t_services.id), _href=URL('edit', args=[r.t_services.id], extension='html')).xml()
if len(q) > 0:
addl = []
for svcinfo in q:
addl.append(TR(TD(svcinfo.f_name), TD(svcinfo.f_text)))
atxt['2'] = TABLE(THEAD(TR(TH(T('Name')),
TH(T('Text')))),
TBODY(addl),
_class="table table-condensed table-striped",
_style="width:100%").xml()
else:
atxt['2'] = ''
host_rec = db.t_hosts[r.t_services.f_hosts_id]
atxt['3'] = host_a_maker(host_rec).xml(),
atxt['4'] = r.t_services.f_proto
# Append A tags around services with HTTP Ports
if r.t_services.f_number in HTTP_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTP":
atxt['5'] = A(r.t_services.f_number,
_href=URL('default', 'redirect', extension='html', vars={'url': "http://%s:%s/" % (host_rec.f_ipaddr, r.t_services.f_number)}),
_target="%s-tcp-%s" % (host_rec.f_ipaddr, r.t_services.f_number)).xml()
elif r.t_services.f_number in HTTPS_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTPS":
atxt['5'] = A(r.t_services.f_number,
_href=URL('default', 'redirect', extension='html', vars={'url': "https://%s:%s/" % (host_rec.f_ipaddr, r.t_services.f_number)}),
_target="%s-tcp-%s" % (host_rec.f_ipaddr, r.t_services.f_number)).xml()
else:
atxt['5'] = r.t_services.f_number
atxt['6'] = r.t_services.f_status
atxt['7'] = len(vulnlist)
vulntxt = []
for vuln in vulnlist:
color = severity_mapping(vuln[1])[2]
vulntxt.append(A(vuln[0], _id="vuln", _target="vulninfo_by_vulnid_%s" % (vuln[0]), _href=URL('vulns', 'vulninfo_by_vulnid', args=[vuln[0]], extension='html'),
_style="color:"+color).xml())
atxt['8'] = " :: ".join(vulntxt)
if len(explist) > 0:
atxt['9'] = "Yes (%d)" % (len(explist))
else:
atxt['9'] = ''
if len(explist) > 0:
atxt['10'] = TABLE(THEAD(TR(TH(T('Name')),
TH(T('Title')),
TH(T('Source')),
TH(T('Rank')))),
TBODY(explist),
_class="table table-condensed",
_style="width:100%").xml()
else:
atxt['10'] = ''
atxt['11'] = r.t_services.f_name
atxt['12'] = r.t_services.f_banner
atxt['DT_RowId'] = r.t_services.id
aaData.append(atxt)
result = {
'sEcho': request.vars.sEcho,
'iTotalRecords': db(db.t_services).count(),
'iTotalDisplayRecords': nolimit,
'aaData': aaData,
}
return result
else:
add = AddModal(
db.t_services, 'Add', 'Add', 'Add Service',
#fields=[
# 'f_proto', 'f_number', 'f_status', 'f_name', 'f_banner'
#],
cmd='servicetable.fnReloadAjax();'
)
db.t_services.id.comment = add.create()
return dict(add=add)
def list():
from skaldship.general import severity_mapping
response.title = "%s :: Services" % (settings.title)
if request.extension == 'json':
q = (db.t_services.id > 0)
proto = request.vars.f_proto
pnum = request.vars.f_number
if pnum:
q &= (db.t_services.f_number == pnum)
if proto:
q &= (db.t_services.f_protocol == proto)
q = create_hostfilter_query(session.hostfilter, q, 't_services')
# Datatables Server-side: http://datatables.net/usage/server-side
if 'iDisplayStart' in request.vars:
start = int(request.vars.iDisplayStart)
else:
start = 0
if 'iDisplayLength' in request.vars:
if request.vars.iDisplayLength == '-1':
limit = db(q).count()
else:
limit = start + int(request.vars.iDisplayLength)
else:
limit = int(auth.user.f_show_size)
srch_data = request.vars.get('sSearch')
if srch_data:
# sSearch global search box
# parse the search into fields (port:num proto:tcp etc)
srch_vals = [
["port", db.t_services.f_number],
["proto", db.t_services.f_proto],
["status", db.t_services.f_status],
["name", db.t_services.f_name],
["banner", db.t_services.f_banner],
["ip", db.t_hosts.f_ipaddr],
["hostname", db.t_hosts.f_hostname],
]
parsed = False
for val in srch_vals:
srch_str = "%s:(?P<f>\w+)" % val[0]
srch_res = re.findall(srch_str, srch_data)
for res in srch_res:
parsed = True
if val[0] == 'banner':
q &= (val[1].contains(res))
else:
q &= (val[1].upper() == res.upper())
if not parsed:
q &= db.t_services.f_proto.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_number.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_name.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_banner.like("%%%s%%" % request.vars.sSearch) | \
db.t_services.f_status.like("%%%s%%" % request.vars.sSearch)
if request.vars.iSortingCols == '1':
cols = (
None,
None,
None,
db.t_services.f_hosts_id,
db.t_services.f_proto,
db.t_services.f_number,
db.t_services.f_status,
None,
None,
None,
None,
db.t_services.f_name,
db.t_services.f_banner,
)
orderby = cols[int(request.vars.iSortCol_0)]
if request.vars.sSortDir_0 == 'asc':
rows = db(q).select(orderby=orderby, limitby=(start, limit))
else:
rows = db(q).select(orderby=~orderby, limitby=(start, limit))
else:
rows = db(q).select(limitby=(start, limit))
nolimit = db(q).count()
aaData = []
# datatable formatting is specific
# gather all the vulndata and exploits into a big row
# later we'll do a find(lambda: row: row.<db>.<field> == <value>)
# to slice it into the bits we need. Maybe it'll be faster?
#vulndata = db().select(db.t_vulndata.f_vulnid, db.t_vulndata.id, db.t_exploit_references.f_exploit_id,
# left=db.t_exploit_references.on(db.t_vulndata.id==db.t_exploit_references.f_vulndata_id))
for r in rows:
atxt = {}
vulncount = 0
vulns = db(
db.t_service_vulns.f_services_id == r.t_services.id).select(
db.t_service_vulns.f_vulndata_id, cache=(cache.ram, 60))
vulnlist = []
explist = []
for vuln in vulns:
vuln_rec = db.t_vulndata[vuln.f_vulndata_id]
if vuln_rec.f_vulnid not in vulnlist:
if settings.use_cvss:
vulnlist.append(
(vuln_rec.f_vulnid, vuln_rec.f_cvss_score))
else:
vulnlist.append(
(vuln_rec.f_vulnid, vuln_rec.f_severity))
exploits = db(db.t_exploit_references.f_vulndata_id ==
vuln.f_vulndata_id).select(cache=(cache.ram, 60))
if len(exploits) > 0:
for expinfo in exploits:
exp = db.t_exploits[expinfo.f_exploit_id]
exp_link = A(exp.f_name,
_href=URL('exploits',
'edit',
extension='html',
args=exp.id),
_target='blank')
explist.append(
TR(TD(exp_link), TD(exp.f_title), TD(exp.f_source),
TD(exp.f_rank)))
q = r.t_services.t_service_info.select(cache=(cache.ram, 60))
if (len(q) > 0) or (len(explist) > 0) or (len(vulnlist) > 0):
atxt['0'] = IMG(_src=URL(request.application, 'static',
'images/details_open.png')).xml()
else:
atxt['0'] = ""
atxt['1'] = A("edit",
_target="services_edit_%s" % (r.t_services.id),
_href=URL('edit',
args=[r.t_services.id],
extension='html')).xml()
if len(q) > 0:
addl = []
for svcinfo in q:
addl.append(TR(TD(svcinfo.f_name), TD(svcinfo.f_text)))
atxt['2'] = TABLE(THEAD(TR(TH(T('Name')), TH(T('Text')))),
TBODY(addl),
_class="table table-condensed table-striped",
_style="width:100%").xml()
else:
atxt['2'] = ''
host_rec = db.t_hosts[r.t_services.f_hosts_id]
atxt['3'] = host_a_maker(host_rec).xml(),
atxt['4'] = r.t_services.f_proto
# Append A tags around services with HTTP Ports
if r.t_services.f_number in HTTP_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTP":
atxt['5'] = A(
r.t_services.f_number,
_href=URL('default',
'redirect',
extension='html',
vars={
'url':
"http://%s:%s/" %
(host_rec.f_ipaddr, r.t_services.f_number)
}),
_target="%s-tcp-%s" %
(host_rec.f_ipaddr, r.t_services.f_number)).xml()
elif r.t_services.f_number in HTTPS_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTPS":
atxt['5'] = A(
r.t_services.f_number,
_href=URL('default',
'redirect',
extension='html',
vars={
'url':
"https://%s:%s/" %
(host_rec.f_ipaddr, r.t_services.f_number)
}),
_target="%s-tcp-%s" %
(host_rec.f_ipaddr, r.t_services.f_number)).xml()
else:
atxt['5'] = r.t_services.f_number
atxt['6'] = r.t_services.f_status
atxt['7'] = len(vulnlist)
vulntxt = []
for vuln in vulnlist:
color = severity_mapping(vuln[1])[2]
vulntxt.append(
A(vuln[0],
_id="vuln",
_target="vulninfo_by_vulnid_%s" % (vuln[0]),
_href=URL('vulns',
'vulninfo_by_vulnid',
args=[vuln[0]],
extension='html'),
_style="color:" + color).xml())
atxt['8'] = " :: ".join(vulntxt)
if len(explist) > 0:
atxt['9'] = "Yes (%d)" % (len(explist))
else:
atxt['9'] = ''
if len(explist) > 0:
atxt['10'] = TABLE(THEAD(
TR(TH(T('Name')), TH(T('Title')), TH(T('Source')),
TH(T('Rank')))),
TBODY(explist),
_class="table table-condensed",
_style="width:100%").xml()
else:
atxt['10'] = ''
atxt['11'] = r.t_services.f_name
atxt['12'] = r.t_services.f_banner
atxt['DT_RowId'] = r.t_services.id
aaData.append(atxt)
result = {
'sEcho': request.vars.sEcho,
'iTotalRecords': db(db.t_services).count(),
'iTotalDisplayRecords': nolimit,
'aaData': aaData,
}
return result
else:
add = AddModal(
db.t_services,
'Add',
'Add',
'Add Service',
#fields=[
# 'f_proto', 'f_number', 'f_status', 'f_name', 'f_banner'
#],
cmd='servicetable.fnReloadAjax();')
db.t_services.id.comment = add.create()
return dict(add=add)
def aa_by_host():
"""
Returns a list of vulnerabilties per port in a tree view format based upon an host identifier
(id, ipv4, ipv6)
"""
record = get_host_record(request.args(0))
if record is None:
redirect(URL('default', 'error', vars={'msg': T('Host record not found')}))
treeul=UL(_id='aatree_ul')
db_svcs = db.t_services
db_svulns = db.t_service_vulns
db_vulns = db.t_vulndata
services = db(db_svcs.f_hosts_id==record.id).select(db_svcs.f_number, db_svcs.id,
db_svcs.f_proto, db_svcs.f_name,orderby=db_svcs.id)
if settings.use_cvss:
db_vsevs = db_vulns.f_cvss_score
else:
db_vsevs = db_vulns.f_severity
tree = DIV(_id="aatree")
for svc in services:
nexlist = []
nexlist_single = []
expl_count = 0
exploit_list = UL()
exploitdb = 0
metasploit = 0
canvas = 0
prev_f_status = ''
vulnclass = ''
for vulninfo in db(
(db_svulns.f_services_id == svc.id) & (db_vulns.id == db_svulns.f_vulndata_id)
).select(orderby=~db_svulns.f_status|~db_vsevs, cache=(cache.ram, 120)):
#init variables
vulndetails = vulninfo.t_vulndata
vulninfo = vulninfo.t_service_vulns
cur_f_status = vulninfo.f_status
#Generating the exploit lists
exploits = db(db.t_exploit_references.f_vulndata_id == vulninfo.f_vulndata_id).select(orderby=~db.t_exploit_references.id)
exploit_list_single = UL()
if len(exploits) > 0:
for expl in exploits:
for expl_data in db(db.t_exploits.id == expl.f_exploit_id).select(db.t_exploits.f_source, db.t_exploits.f_title, db.t_exploits.f_name, db.t_exploits.f_rank, db.t_exploits.f_level):
exp_link = expl_data.f_name
if expl_data.f_source == 'exploitdb':
exploitdb += 1
if db.t_exploitdb[expl_data.f_title]:
exploitdb_href = URL('exploitdb', 'detail.html', args=expl_data.f_title)
else:
exploitdb_href = URL('default', 'redirect', extension='html', vars={'url': 'http://www.exploit-db.com/exploits/%s' % expl_data.f_title})
exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/exploitdb.ico')), ' exploitdb - ' + expl_data.f_name,_href=exploitdb_href, _target="exploitdb_%s" % (expl_data.f_name))
elif expl_data.f_source == 'metasploit':
metasploit += 1
if session.msf_workspace:
msf_uri = os.path.join(msf_settings['url'], session.msf_workspace, 'modules', expl_data.f_title)
else:
msf_uri = URL('default', 'redirect', extension='html', vars={'url': 'http://www.rapid7.com/db/modules/%s' % expl_data.f_title})
exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/msf.gif')), ' metasploit - ' + expl_data.f_name, _href=msf_uri, _target="msf_%s" % (expl_data.f_name))
elif expl_data.f_source == 'canvas':
canvas += 1
exp_link = SPAN(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/canvas.png')), ' canvas - ' + expl_data.f_name)
#expl_link = ' canvas - ' + expl_data.f_name
expl_count += 1
exploit_list_single.append(LI(expl_data.f_title , " : " , exp_link , " (" , expl_data.f_rank , "/" , expl_data.f_level, ")"))
textdecoration=""
if vulninfo.f_exploited == True and len(exploits) > 0:
textdecoration="text-decoration:line-through underline; "
elif vulninfo.f_exploited == True and len(exploits) == 0:
textdecoration="text-decoration: line-through; "
elif (vulninfo.f_exploited == False or vulninfo.f_exploited == None) and len(exploits) == 0:
textdecoration="text-decoration: none;"
#generation vuln link
if settings.use_cvss:
severity = int(float(vulndetails.f_cvss_score))
else:
severity = int(vulndetails.f_severity)
style = textdecoration + "color:" + severity_mapping(severity - 1)[2]
vuln_title_link = A(vulndetails.f_vulnid, _title = vulninfo.f_status+ ' Severity: ' + str(severity),
_style=style, _target="vulndata_%s" % (vulndetails.id),
_href=URL(request.application,'vulns', 'vulninfo_by_vulnid',
args=vulndetails.f_vulnid, extension='html'))
if cur_f_status != prev_f_status and prev_f_status != '':
nexlist.append(SPAN(nexlist_single, _class=vulnclass)) #for a line in the bottom
nexlist.append(' ')
nexlist_single = []
else:
nexlist_single.append(' ')
nexlist_single.append(vuln_title_link )
prev_f_status = vulninfo.f_status
vulnclass = ''
#style for vuln links
if vulninfo.f_status == 'vulnerable-version':
vulnclass='host_detail_vulnerable-version'
if vulninfo.f_status == 'vulnerable-exploited':
vulnclass='host_detail_vulnerable-exploited'
if vulninfo.f_status == 'potential':
vulnclass='host_detail_potential'
if len(exploit_list_single) > 0: exploit_list.append(LI(SPAN(vuln_title_link), exploit_list_single))
#attach the last vuln list
if len(nexlist_single)>0: nexlist.append(SPAN(nexlist_single, _class=vulnclass))
service_disp=SPAN(svc.f_proto + '/' + svc.f_number + ' - ' + str(svc.f_name))
expl_count = "Exploits - (%d)" % (expl_count)
if len(nexlist)>0:
if len(exploit_list) == 0:
treeul.append(LI(service_disp,UL(LI(nexlist)))) #No exploits
else:
expl_count = SPAN(expl_count + " : metasploit (%d) exploitdb (%d) canvas (%d)" % (metasploit, exploitdb, canvas),_style="color:red")
treeul.append(LI(service_disp,UL(LI(nexlist)), UL(LI(expl_count,exploit_list,_class="closed"))))
else:
treeul.append(LI(service_disp)) #No vulns
tree = DIV(treeul, _id="aatree")
return dict(tree=tree)
def vulncloud():
"""
Pablo's vulnerability tag cloud
Vulnerability IDs are counted and colored via severity.
1-3: grey
4-5: blue
6-7: magenta
8-10: red
IDs are then sized based on quantity in HTML.
"""
if request.extension == "json":
# build the json data
vulncloud = {}
vd = db.t_vulndata
svc_vulns = db.t_service_vulns
# grab the list of vulnerabilities
q = (svc_vulns.f_vulndata_id == vd.id)
if request.args(0) is not None:
try:
minsev = float(request.args(0))
except:
minsev = 8.0
q &= (vd.f_cvss_score >= minsev)
if settings.use_cvss:
q &= (vd.f_cvss_score >= float(request.args(0)))
else:
q &= (vd.f_severity >= int(request.args(0)))
vulns = db(q).select(vd.id,
vd.f_vulnid,
vd.f_severity,
vd.f_cvss_score,
cache=(cache.ram, 300))
else:
vulns = db(vd.id > 0).select(vd.id,
vd.f_vulnid,
vd.f_severity,
vd.f_cvss_score,
cache=(cache.ram, 300))
for row in vulns:
count = db(db.t_service_vulns.f_vulndata_id == row.id).count()
if count > 0:
if settings.use_cvss:
severity = int(row.f_cvss_score)
else:
severity = int(row.f_severity)
vulncloud[row.f_vulnid] = vulncloud.setdefault(
row.f_vulnid, {
'count': count,
'color': severity_mapping(severity)[2]
})
cloud = []
for k, v in vulncloud.items():
cloud.append({'tag': k, 'count': v['count'], 'color': v['color']})
return dict(vulncloud=cloud)
response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
response.files.append(
URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
return dict()
response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
response.files.append(
URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
return dict()
def vulncloud():
"""
Pablo's vulnerability tag cloud
Vulnerability IDs are counted and colored via severity.
1-3: grey
4-5: blue
6-7: magenta
8-10: red
IDs are then sized based on quantity in HTML.
"""
if request.extension == "json":
# build the json data
vulncloud = {}
vd = db.t_vulndata
svc_vulns = db.t_service_vulns
# grab the list of vulnerabilities
q = (svc_vulns.f_vulndata_id == vd.id)
if request.args(0) is not None:
try:
minsev = int(request.args(0))
except:
minsev = 8
q &= (vd.f_cvss_score >= minsev)
if settings.use_cvss:
q &= (vd.f_cvss_score >= float(request.args(0)))
else:
q &= (vd.f_severity >= int(request.args(0)))
vulns = db(q).select(
vd.id, vd.f_vulnid, vd.f_severity, vd.f_cvss_score, cache=(cache.ram, 300)
)
else:
vulns = db(vd.id > 0).select(vd.id, vd.f_vulnid, vd.f_severity, vd.f_cvss_score, cache=(cache.ram, 300))
for row in vulns:
count = db(db.t_service_vulns.f_vulndata_id == row.id).count()
if count > 0:
if settings.use_cvs:
severity = float(row.f_cvss_score)
else:
severity = int(row.f_severity)
vulncloud[row.f_vulnid] = vulncloud.setdefault(
row.f_vulnid, {'count': count, 'color': severity_mapping(severity - 1)[2]}
)
cloud = []
for k, v in vulncloud.iteritems():
cloud.append({'tag': k, 'count': v['count'], 'color': v['color']})
return dict(vulncloud=cloud)
response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
return dict()
response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
return dict()
def vulncloud():
"""
Pablo's vulnerability tag cloud
Vulnerability IDs are counted and colored via severity.
1-3: grey
4-5: blue
6-7: magenta
8-10: red
IDs are then sized based on quantity in HTML.
"""
if request.extension == "json":
# build the json data
vulncloud = {}
# grab the list of vulnerabilities
if(request.args(0) is not None):
vulns = db(db.t_vulndata.f_severity>=int(request.args(0))).select(db.t_vulndata.id, db.t_vulndata.f_vulnid, db.t_vulndata.f_severity, cache=(cache.ram,300))
else:
vulns = db(db.t_vulndata.id > 0).select(db.t_vulndata.id, db.t_vulndata.f_vulnid, db.t_vulndata.f_severity, cache=(cache.ram,300))
#service_vulns = db(db.t_service_vulns).select(db.t_service_vulns.f_vulndata_id, groupby=db.t_service_vulns.f_vulndata_id, cache=(cache.ram,300))
for row in vulns:
#vrow = db(db.t_vulndata.id == row.f_vulndata_id).select(db.t_vulndata.f_vulnid, db.t_vulndata.f_severity).first()
count = db(db.t_service_vulns.f_vulndata_id == row.id).count()
if count > 0:
vulncloud[row.f_vulnid] = vulncloud.setdefault(row.f_vulnid, { 'count': count, 'color': severity_mapping(row.f_severity - 1)[2] })
cloud = []
for k,v in vulncloud.iteritems():
cloud.append({'tag': k, 'count': v['count'], 'color': v['color']})
return dict(vulncloud=cloud)
response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
return dict()
def aa_by_host():
"""
Returns a list of vulnerabilties per port in a tree view format based upon an host identifier
(id, ipv4, ipv6)
"""
record = get_host_record(request.args(0))
if record is None:
redirect(
URL('default', 'error', vars={'msg': T('Host record not found')}))
treeul = UL(_id='aatree_ul')
db_svcs = db.t_services
db_svulns = db.t_service_vulns
db_vulns = db.t_vulndata
services = db(db_svcs.f_hosts_id == record.id).select(db_svcs.f_number,
db_svcs.id,
db_svcs.f_proto,
db_svcs.f_name,
orderby=db_svcs.id)
if settings.use_cvss:
db_vsevs = db_vulns.f_cvss_score
else:
db_vsevs = db_vulns.f_severity
tree = DIV(_id="aatree")
for svc in services:
nexlist = []
nexlist_single = []
expl_count = 0
exploit_list = UL()
exploitdb = 0
metasploit = 0
canvas = 0
prev_f_status = ''
vulnclass = ''
for vulninfo in db((db_svulns.f_services_id == svc.id)
& (db_vulns.id == db_svulns.f_vulndata_id)).select(
orderby=~db_svulns.f_status | ~db_vsevs,
cache=(cache.ram, 120)):
#init variables
vulndetails = vulninfo.t_vulndata
vulninfo = vulninfo.t_service_vulns
cur_f_status = vulninfo.f_status
#Generating the exploit lists
exploits = db(db.t_exploit_references.f_vulndata_id ==
vulninfo.f_vulndata_id).select(
orderby=~db.t_exploit_references.id)
exploit_list_single = UL()
if len(exploits) > 0:
for expl in exploits:
for expl_data in db(
db.t_exploits.id == expl.f_exploit_id).select(
db.t_exploits.f_source, db.t_exploits.f_title,
db.t_exploits.f_name, db.t_exploits.f_rank,
db.t_exploits.f_level):
exp_link = expl_data.f_name
if expl_data.f_source == 'exploitdb':
exploitdb += 1
if db.t_exploitdb[expl_data.f_title]:
exploitdb_href = URL('exploitdb',
'detail.html',
args=expl_data.f_title)
else:
exploitdb_href = URL(
'default',
'redirect',
extension='html',
vars={
'url':
'http://www.exploit-db.com/exploits/%s'
% expl_data.f_title
})
exp_link = A(IMG(_align="absmiddle",
_width=16,
_height=16,
_src=URL('static',
'images/exploitdb.ico')),
' exploitdb - ' + expl_data.f_name,
_href=exploitdb_href,
_target="exploitdb_%s" %
(expl_data.f_name))
elif expl_data.f_source == 'metasploit':
metasploit += 1
if session.msf_workspace:
msf_uri = os.path.join(msf_settings['url'],
session.msf_workspace,
'modules',
expl_data.f_title)
else:
msf_uri = URL(
'default',
'redirect',
extension='html',
vars={
'url':
'http://www.rapid7.com/db/modules/%s' %
expl_data.f_title
})
exp_link = A(IMG(_align="absmiddle",
_width=16,
_height=16,
_src=URL('static',
'images/msf.gif')),
' metasploit - ' + expl_data.f_name,
_href=msf_uri,
_target="msf_%s" % (expl_data.f_name))
elif expl_data.f_source == 'canvas':
canvas += 1
exp_link = SPAN(
IMG(_align="absmiddle",
_width=16,
_height=16,
_src=URL('static', 'images/canvas.png')),
' canvas - ' + expl_data.f_name)
#expl_link = ' canvas - ' + expl_data.f_name
expl_count += 1
exploit_list_single.append(
LI(expl_data.f_title, " : ", exp_link, " (",
expl_data.f_rank, "/", expl_data.f_level, ")"))
textdecoration = ""
if vulninfo.f_exploited == True and len(exploits) > 0:
textdecoration = "text-decoration:line-through underline; "
elif vulninfo.f_exploited == True and len(exploits) == 0:
textdecoration = "text-decoration: line-through; "
elif (vulninfo.f_exploited == False
or vulninfo.f_exploited == None) and len(exploits) == 0:
textdecoration = "text-decoration: none;"
#generation vuln link
if settings.use_cvss:
if vulndetails.f_cvss_score is not None:
severity = int(float(vulndetails.f_cvss_score))
else:
severity = 0
else:
if vulndetails.f_severity is not None:
severity = int(vulndetails.f_severity)
else:
severity = 0
style = textdecoration + "color:" + severity_mapping(severity)[2]
vuln_title_link = A(vulndetails.f_vulnid,
_title=vulninfo.f_status + ' Severity: ' +
str(severity),
_style=style,
_target="vulndata_%s" % (vulndetails.id),
_href=URL(request.application,
'vulns',
'vulninfo_by_vulnid',
args=vulndetails.f_vulnid,
extension='html'))
if cur_f_status != prev_f_status and prev_f_status != '':
nexlist.append(
SPAN(nexlist_single,
_class=vulnclass)) #for a line in the bottom
nexlist.append(' ')
nexlist_single = []
else:
nexlist_single.append(' ')
nexlist_single.append(vuln_title_link)
prev_f_status = vulninfo.f_status
vulnclass = ''
#style for vuln links
if vulninfo.f_status == 'vulnerable-version':
vulnclass = 'host_detail_vulnerable-version'
if vulninfo.f_status == 'vulnerable-exploited':
vulnclass = 'host_detail_vulnerable-exploited'
if vulninfo.f_status == 'potential':
vulnclass = 'host_detail_potential'
if len(exploit_list_single) > 0:
exploit_list.append(
LI(SPAN(vuln_title_link), exploit_list_single))
#attach the last vuln list
if len(nexlist_single) > 0:
nexlist.append(SPAN(nexlist_single, _class=vulnclass))
service_disp = SPAN(svc.f_proto + '/' + svc.f_number + ' - ' +
str(svc.f_name))
expl_count = "Exploits - (%d)" % (expl_count)
if len(nexlist) > 0:
if len(exploit_list) == 0:
treeul.append(LI(service_disp, UL(LI(nexlist)))) #No exploits
else:
expl_count = SPAN(
expl_count +
" : metasploit (%d) exploitdb (%d) canvas (%d)" %
(metasploit, exploitdb, canvas),
_style="color:red")
treeul.append(
LI(service_disp, UL(LI(nexlist)),
UL(LI(expl_count, exploit_list, _class="closed"))))
else:
treeul.append(LI(service_disp)) #No vulns
tree = DIV(treeul, _id="aatree")
return dict(tree=tree)
